Linux iptables

Linux is vulnerable to an integer underflow in the iptables code that handles
firewall rules, which can be exploited by a remote attacker to crash the server.
To exploit this vulnerability, the attacker would construct a packet that, when
processed by the firewall, would crash the server. Machines without the firewall
enabled are not vulnerable to this attack.

All affected users should upgrade to a repaired version of the Linux kernel
or should watch their vendors for a patched version of the kernel for their
distribution.

OpenSSL 0.9.7e

The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source
toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking
code and bug fixes in code dealing with S/MIME.

The OpenSSL project team strongly recommends all users of OpenSSL upgrade
to version 0.9.7e or newer as soon as possible.

PuTTY

PuTTY is a free version of telnet, SSH, and a Xterm emulator for Windows
and Unix machines. A buffer overflow in the code that handles SSH2_MSG_DEBUG
packets during a SSH2 connection can be exploited by a remote attacker to execute
arbitrary code on the server with the permissions of the user account running PuTTY.

All users of PuTTY should upgrade to version 0.56 or newer as soon as possible.

rssh

rssh, a restricted shell designed to be used with OpenSSH that places a user
in a chroot jail and only allows the use of scp and sftp, contains a format-string vulnerability that may be exploitable by a remote attacker to execute
arbitrary commands. In most cases, if this vulnerability is exploited, the attacker
will only gain the ability to issue arbitrary commands with his user account's
permissions. But under some conditions, it may be possible that the attacker
can execute arbitrary commands with root permissions.

All users of rssh should upgrade to version 2.2.2 or newer as soon as possible.

Quake II Server

The Quake II gaming server is reported to have several vulnerabilities, including
remote and local buffer overflows, denial-of-service vulnerabilities, and remote
information leaks. It is unclear if the reported buffer overflows can be successfully
exploited to execute code on the server.

Users running a Quake II server should consider upgrading to version R1Q2
or some other repaired version.

libmagick6

The libmagick6 library contains a buffer overflow in the function that parses
EXIF information. When an application linked against the libmagick6 library
attempts to read EXIF information from an image file, a buffer overflow may
occur and lead to the execution of code with the permissions of the user running
the application.

Affected users should watch their vendors for a repaired version of the libmagick6
library or should upgrade to version 6.1.0. A repaired version has been released
for Ubuntu 4.10 Linux.

HP Serviceguard

"HP Serviceguard is a specialized software for protecting mission-critical
applications from a wide variety of hardware and software failures." A
bug has been reported in HP Serviceguard that may allow a non-privileged user
to gain root access. The bug can be exploited by any attacker who can access
the subnet on which HP Serviceguard is running.

HP has released patches to repair this bug and all affected users should upgrade
as soon as possible. HP also recommends that users read HP's new white paper, "Securing
Serviceguard." For more information, users should contact HP or their support
vendors.

Xpdf

Xpdf is a PDF reader for Unix and the X Window System. Xpdf and other viewers
that use code derived from Xpdf (gpdf, kpdf, and pdftohtml) are reported to
be vulnerable to several buffer overflows that may, under some conditions, be
exploited using a carefully crafted PDF file to execute arbitrary code.

Users should watch their vendors for a repaired version of Xpdf, gpdf, kpdf,
and, pdftohtml. SuSE has released repaired versions for SuSE Linux Enterprise
Server 8 and 9, and SuSE Linux Desktop 1.0.

FreeRadius

The FreeRadius open source RADIUS server is reported to be vulnerable to several
remote denial-of-service attacks.

All users of FreeRadius should watch their vendors for a updated version and
should consider protecting FreeRadius from unauthorized connections by using a
firewall.

WVTFTPD

WVTFTPD, a fast TFTP (Trivial File Transfer Protocol) implementation, is reported
to be vulnerable to a buffer overflow that may be exploitable by a remote attacker
to execute arbitrary code with the permissions of the root user. This buffer
overflow is reported to affect all versions of WVTFTPD before 0.9.1. Code to
automate the exploitation of this vulnerability has been released to the public.

All users of WVTFTPD should upgrade to version 0.9.1 or newer as soon as possible
and should consider disabling it until it has been upgraded.

GNU tftp

GNU tftp contains a buffer overflow that can be exploited by an attacker using
a remote DNS server under their control, or by spoofing DNS replies. Successfully
exploiting the vulnerability can result in arbitrary code being executed with
the permissions of the account under which the application is running.

User should watch for a new version of inetutils that contains a repaired
version of tftp.

pppd

pppd is a Unix daemon that implements both the client and server side of PPP
(Point to Point Protocol). It is vulnerable to a buffer overflow that is reported
to only be exploitable in a denial-of-service attack.

Affected users should watch their vendors for an updated version of pppd.